🤖 AI Summary
This study reveals that large language model (LLM) agents can become pivotal systemic security risks in user-agent-service chains due to semantic closure vulnerabilities and introduces a novel distributed denial-of-service attack, termed AbO-DDoS. This attack requires only a single textual injection to trap AI agents in persistent recursion, enabling lightweight, stealthy, and targetable denial-of-service effects. The work formally defines the AbO-DDoS attack paradigm and proposes an active defense mechanism based on Agent Component Energy analysis to accurately detect malicious recursive behaviors. Experimental validation across three Claw-style agent architectures and three mainstream code-generation agents demonstrates significant impact: a single-node invocation amplification factor of up to 51.0×, a 229.1× increase in multi-node p95 latency, and superlinear growth in attack efficacy with the number of compromised nodes.
📝 Abstract
Large Language Model (LLM) agents have emerged as key intermediaries, orchestrating complex interactions between human users and a wide range of digital services and LLM infrastructures. While prior research has extensively examined the security of LLMs and agents in isolation, the systemic risk of the agent acting as a disruptive hub within the user-agent-service chain remains largely overlooked. In this work, we expose a novel threat paradigm by introducing Mobius Injection, a sophisticated attack that weaponizes autonomous agents into zombie nodes to launch what we define as Agent-based and -Oriented DDoS (AbO-DDoS) attacks. By exploiting a structural vulnerability in agentic logic named Semantic Closure, an adversary can induce sustained recursive execution of agent components through a single textual injection. We demonstrate that this attack is exceptionally lightweight, stealthy against both traditional DDoS monitors and contemporary AI safety filters, and highly configurable, allowing for surgical targeting of specific environments or model providers. To evaluate the real-world impact, we conduct extensive experiments across three representative claw-style agents and three mainstream coding agents, integrated with 12 frontier proprietary or open-weight LLMs. Our results demonstrate that Mobius Injection achieves substantial attack success across diverse tasks, driving single-node call amplification up to 51.0x and multi-node p95 latency inflation up to 229.1x. The attack performance exhibits a superlinear increase with the number of poisoning nodes. To mitigate Mobius Injection, we propose a proactive defense mechanism using Agent Component Energy (ACE) Analysis, which detects malicious recursive triggers by measuring anomalous energy in the agent's component graph.